Author: Abhishek Karkamkar
Date of Publication: 7th April 2016
Abstract: Authentication is a two-step process: identification and verification. Earlier systems placed no emphasis on the identification process; our system focuses on whether the user is a legitimate user by using personal secret data of the user, instead of his login ID, for the identification process. This is achieved with the help of a Mind metric token. Our system asks the user to enter the Mind metric token at the time of registration. The user has to use his unique Mind metric token along with the password at the time of login. This adds extra security to the identification step. Mind metrics are what reside in the user's brain. The user uses this token to pass the first step of the identification process, after which a set of login IDs is displayed to the user in partially obscured form. A legitimate user can easily select his ID and successfully complete the identification process. To begin the verification process, the user has to pass an OTP process and a picture-based question process. The user's password is divided into two halves, which are encrypted and then stored on two servers. This adds more security to the verification process. At the time of password verification, the encrypted halves stored on the two servers are decrypted and then merged. After decryption, the password is matched against the password the user entered at the time of login along with the Mind metric token. Only if the two passwords match is the user a fully legitimate user with full access to his account. Thus the system enhances not only the identification process but also the verification process, which in turn strengthens authentication. This scheme is used where a biometrics scheme cannot be used cost-effectively.